From what I can see, ngnix is now the web server of default with this release. I know with OpenBSD’s apache before it was a fully chrooted instance — is this the case now? (sorry, haven’t had time to plan with -current)

-u By default nginx will chroot(2) to the home directory of the user
running the daemon, typically ``www'', or to the home directory
of user in nginx.conf. The -u option disables this behaviour,
and returns nginx to the original "unsecure" behaviour.